A uniquely Trained Security Force

INTELLIGENCE LED DIGITAL FORENSICS INCIDENT RESPONSE

Course Description

Threat Intelligence (TI) provides crucial defense posturing for proactive defense against malicious actors. Alternatively, the application of the intelligence processes to reactive incident response protocols offers valuable insight and context into the likely threat vector, the stage of the attack plan and the motive of a cyber adversary. This threat insight and attack context greatly reduces the time it takes to respond to an event.

COURSE OVERVIEW

Through scenario-based instruction, this course uses the intelligence cycle (Planning, Collection, Analysis, and Dissemination) to guide students through the process of discovering an event and the subsequent investigation of an incident. Students will use intelligence to reorient their strategic response plan, leveraging tailored response and recovery to greatly reduce reaction times. Students will learn to apply intelligence collection and analytic methodologies to both internal forensic investigation and external threat intelligence by coupling the hands-on application of threat intelligence collection and analysis to digital forensic doctrines and techniques.

MODULES IN THIS COURSE

Foreword: Scenario introduction

Lesson 1: Introduction to Intelligence & Incident Response

Lesson 2: Planning and Directing DFIR

Lesson 3: Generating DFIR Requirements

Lesson 4: Intelligence Collection & DFIR Operations

Lesson 5: Evidence and Information Processing and Exploitation

Lesson 6: DFIR Analysis and Reporting

Lesson 7: Case Wrapup & Exercise

TARGET AUDIENCE

Students who are likely to conduct incident response through the use of digital forensics and the application of intelligence to guide ongoing operations.

PREREQUISITES

Students should bring a laptop and possess a basic comprehension of digital forensics.

COURSE LENGTH

24 hours of course work ideally delivered over 3 days. 

TESTING/CERTIFICATION

Course includes a certificate of attendance.

COURSE STRUCTURE/CONTENT OUTLINE

FOREWORD: SCENARIO INTRODUCTION

Students are introduced to the scenario, which will play out throughout the ongoing introduction to course content.

LESSON 1 INTRODUCTION TO INTELLIGENCE & INCIDENT RESPONSE

1.1 What is Incident Response?

1.1.1 Incident Response Life Cycle and Protocols

1.1.2 Preparation, Detection & Analysis, Containment Eradication & Recovery, Post-Incident Actions

1.1.3 Integrating Forensics into Incident Response

1.2 What is Cyber Threat Intelligence?

1.2.1 Intelligence vs. Information vs. Evidence

1.2.2 Reducing Uncertainty 

1.2.3 Proactive vs. Reactive

1.2.4 Introduction to the Intelligence Cycle

1.2.5 All-Source Intelligence Led Operations

LESSON 2 PLANNING AND DIRECTING DFIR

2.1 Strategic Planning

2.2 Operational Planning

2.3 Tactical/Technical Planning

LESSON 3 GENERATING DFIR REQUIREMENTS

3.1 Generating Requirements

3.1.1 Where requirements come from

3.1.2 Requirements Examples

3.2 Requirements for Digital Forensics Incident Response Operations 

LESSON 4 INTELLIGENCE COLLECTION & DFIR OPERATIONS

4.1 Collections Management (Tasking) & Planning

4.1.1 Developing a Collections Plan & Collection Platform

4.1.2 Single-Source Intelligence Assets

4.1.3 Intelligence Led Operations

4.1.3.1 Threat Intelligence

4.1.3.2 Digital Forensics

4.1.4 Scenario Application

LESSON 5 EVIDENCE AND INFORMATION PROCESSING AND EXPLOITATION

5.1 Source Specific exploitation and processing

5.1.1 Malware Analysis

5.1.2 Log/Data Analysis

5.1.3 Hunting (F3EAD)

5.1.4 Forensic Discovery and Exploitation

5.1.5 Scenario Application

LESSON 6 DFIR ANALYSIS AND REPORTING

6.1 Structured Analytic Techniques

6.1.1 Threat Modeling

6.1.2 Scenario Application: Attribution

6.2 Reporting Overview

6.2.1 Report Types: Strategic, Operational, Tactical

6.2.1.1 Tactical reporting to provide technical guidance 

LESSON 7 CASE WRAPUP & EXERCISE

7.1 Case re-examination Exercise

7.2 Satisfied Requirements

7.3 Post-Incident Report

PRICE: $2,950

Contact for Government rate

root9B reserves the right to cancel or change a class at any time, including but not limited to, lack of participation, classroom, equipment or trainer availability. All courses require a minimum of 6 attendees. Notification will be provided within 14 days of the class, whenever possible. Registrants will be issued a course voucher for the next available course in the event of a course cancellation. root9B is not liable for any direct, or indirect, consequential or special damages that may be incurred due to a cancellation of a scheduled class, including, but not limited to, cancellation penalties for transportation or accommodations. The customer or student's sole remedy shall be a voucher for future training.

Dates & Locations

November 7, 2017 (Honolulu, HI)
January 3, 2018 (San Antonio, TX)
January 3, 2018 (Colorado Springs, CO)
February 21, 2018 (Colorado Springs, CO)
March 5, 2018 (Columbia, MD)
August 20, 2018 (Annapolis Junction, MD)
September 5, 2018 (Colorado Springs, CO)
November 14, 2018 (San Antonio, TX)